When I scanned opera.exe, the executable for the Opera 8.54 web browser on April 8, 2007 with ClamWin 0.90.1, it reported the file was infected with Trojan.Bifrose-495 (see ClamWin Reporting Opera Infected with Trojan.Bifrose-495). The report appeared to be a false positive and I submitted the file as a false positive using the form at ClamAV Virus Database.
When I opened ClamWin today to see if new virus definitions would result in the file no longer being reported as infected, I saw the message "You have not yet downloaded Virus Definitions Database. Would you like to download it now?" I chose "Yes". ClamWin appeared to download new definitions, but when I selected the file the Scan button was grayed out. I closed and reopened ClamWin. Again I got the message stating that I had not yet downloaded virus definitions. I chose to download them again, but the results were the same. When I exited from the program, right-clicked on the file to scan and chose "Scan with ClamWin Free Antivirus", I saw the message "Virus Definitions Database Not Found! Please download it now."
So I checked the ClamWin website. I found there was a new version, 0.90.1.1 The site had the following information on the new version:
Wednesday, 11 April 2007
This quick-fix release addresses the "Missing Virus Database" Error. Also it includes couple of bug fixes:
- Fixed file creation errors during scanning of OLE and MSI files
- Added description message when a "Can't Open File" error occurs
- Setup now installs virus definitions database
I installed the new version. I was then able to scan opera.exe and it now reports that the file is uninfected. Previously ClamWin 0.90.1 was reporting that laplink.exe was also infected. It reported that file was infected with Trojan.Mybot-7604. I felt then that there was a fairly high probabability that the report was another false positive. When I scanned the file with the new version of ClamWin with current virus definitions, that file is now reported as uninfected as well.